Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25153 | 1 Fortra | 1 Filecatalyst Workflow | 2025-01-21 | N/A | 9.8 CRITICAL |
| A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells. | |||||
| CVE-2024-7025 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-9123 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-50703 | 2024-12-30 | N/A | 5.4 MEDIUM | ||
| TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. | |||||
| CVE-2024-12123 | 2024-12-04 | N/A | N/A | ||
| A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts. | |||||
| CVE-2023-38520 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4. | |||||
| CVE-2021-1295 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1294 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1293 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1292 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1291 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1290 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2021-1289 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | |||||
| CVE-2024-6010 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-10-23 | N/A | 5.3 MEDIUM |
| The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17. | |||||